
Example 1 with RequestSecurityTokenCollectionType

use of org.apache.cxf.ws.security.sts.provider.model.RequestSecurityTokenCollectionType in project cxf by apache.

the class ValidateUnitTest method testValidateMultipleTokens.

/**
 * Test to successfully validate multiple (dummy) tokens.
 */
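@org.junit.Test
public void testValidateMultipleTokens() throws Exception {
    // The collection (batch) operation delegates each contained request to the
    // validate operation configured here.
    TokenRequestCollectionOperation requestCollectionOperation = new TokenRequestCollectionOperation();
    TokenValidateOperation validateOperation = new TokenValidateOperation();
    requestCollectionOperation.setValidateOperation(validateOperation);
    // Add Token Validator
    List<TokenValidator> validatorList = new ArrayList<>();
    validatorList.add(new DummyTokenValidator());
    validateOperation.setTokenValidators(validatorList);
    // Add STSProperties object
    STSPropertiesMBean stsProperties = new StaticSTSProperties();
    validateOperation.setStsProperties(stsProperties);
    // Mock up a request collection that carries two batch-validate requests
    RequestSecurityTokenCollectionType requestCollection = new RequestSecurityTokenCollectionType();
    RequestSecurityTokenType request = new RequestSecurityTokenType();
    JAXBElement<String> tokenType = new JAXBElement<String>(QNameConstants.TOKEN_TYPE, String.class, STSConstants.STATUS);
    request.getAny().add(tokenType);
    JAXBElement<String> requestType = new JAXBElement<String>(QNameConstants.REQUEST_TYPE, String.class, TokenRequestCollectionOperation.WSTRUST_REQUESTTYPE_BATCH_VALIDATE);
    request.getAny().add(requestType);
    ValidateTargetType validateTarget = new ValidateTargetType();
    JAXBElement<BinarySecurityTokenType> token = createToken();
    validateTarget.setAny(token);
    JAXBElement<ValidateTargetType> validateTargetType = new JAXBElement<ValidateTargetType>(QNameConstants.VALIDATE_TARGET, ValidateTargetType.class, validateTarget);
    request.getAny().add(validateTargetType);
    requestCollection.getRequestSecurityToken().add(request);
    // The second request reuses the same element instances (and therefore the same
    // token) as the first one.
    request = new RequestSecurityTokenType();
    request.getAny().add(tokenType);
    request.getAny().add(requestType);
    validateTarget.setAny(token);
    request.getAny().add(validateTargetType);
    requestCollection.getRequestSecurityToken().add(request);
    // Mock up message context
    MessageImpl msg = new MessageImpl();
    WrappedMessageContext msgCtx = new WrappedMessageContext(msg);
    // Validate both tokens in a single batch call; no principal is supplied.
    RequestSecurityTokenResponseCollectionType response = requestCollectionOperation.requestCollection(requestCollection, null, msgCtx);
    List<RequestSecurityTokenResponseType> securityTokenResponse = response.getRequestSecurityTokenResponse();
    // JUnit's assertEquals takes (expected, actual); the original order produced a
    // misleading failure message.
    assertEquals(2, securityTokenResponse.size());
    // Every request in the batch must have been validated individually.
    assertTrue(validateResponse(securityTokenResponse.get(0)));
    assertTrue(validateResponse(securityTokenResponse.get(1)));
}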
Also used : RequestSecurityTokenType(org.apache.cxf.ws.security.sts.provider.model.RequestSecurityTokenType) ArrayList(java.util.ArrayList) RequestSecurityTokenResponseType(org.apache.cxf.ws.security.sts.provider.model.RequestSecurityTokenResponseType) StaticSTSProperties(org.apache.cxf.sts.StaticSTSProperties) RequestSecurityTokenCollectionType(org.apache.cxf.ws.security.sts.provider.model.RequestSecurityTokenCollectionType) JAXBElement(javax.xml.bind.JAXBElement) RequestSecurityTokenResponseCollectionType(org.apache.cxf.ws.security.sts.provider.model.RequestSecurityTokenResponseCollectionType) TokenValidator(org.apache.cxf.sts.token.validator.TokenValidator) STSPropertiesMBean(org.apache.cxf.sts.STSPropertiesMBean) BinarySecurityTokenType(org.apache.cxf.ws.security.sts.provider.model.secext.BinarySecurityTokenType) WrappedMessageContext(org.apache.cxf.jaxws.context.WrappedMessageContext) ValidateTargetType(org.apache.cxf.ws.security.sts.provider.model.ValidateTargetType) MessageImpl(org.apache.cxf.message.MessageImpl)

Example 2 with RequestSecurityTokenCollectionType

use of org.apache.cxf.ws.security.sts.provider.model.RequestSecurityTokenCollectionType in project cxf by apache.

the class IssueSamlUnitTest method testIssueMultipleSamlTokens.

/**
 * Test to successfully issue multiple SAML tokens. It requests a SAML 1.1 and a SAML 2 token.
 */
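@org.junit.Test
public void testIssueMultipleSamlTokens() throws Exception {
    TokenIssueOperation issueOperation = new TokenIssueOperation();
    // Add Token Provider
    List<TokenProvider> providerList = new ArrayList<>();
    providerList.add(new SAMLTokenProvider());
    issueOperation.setTokenProviders(providerList);
    // Add Service
    ServiceMBean service = new StaticService();
    service.setEndpoints(Collections.singletonList("http://dummy-service.com/dummy"));
    issueOperation.setServices(Collections.singletonList(service));
    // Add STSProperties object. The same Crypto instance is configured for both
    // signing and encryption; the key aliases and the callback handler are test fixtures.
    STSPropertiesMBean stsProperties = new StaticSTSProperties();
    Crypto crypto = CryptoFactory.getInstance(getEncryptionProperties());
    stsProperties.setEncryptionCrypto(crypto);
    stsProperties.setSignatureCrypto(crypto);
    stsProperties.setEncryptionUsername("myservicekey");
    stsProperties.setSignatureUsername("mystskey");
    stsProperties.setCallbackHandler(new PasswordCallbackHandler());
    stsProperties.setIssuer("STS");
    issueOperation.setStsProperties(stsProperties);
    // Mock up a request
    RequestSecurityTokenCollectionType requestCollection = new RequestSecurityTokenCollectionType();
    // SAML 1.1 request
    RequestSecurityTokenType request = new RequestSecurityTokenType();
    JAXBElement<String> tokenType = new JAXBElement<String>(QNameConstants.TOKEN_TYPE, String.class, WSS4JConstants.WSS_SAML_TOKEN_TYPE);
    request.getAny().add(tokenType);
    request.getAny().add(createAppliesToElement("http://dummy-service.com/dummy"));
    requestCollection.getRequestSecurityToken().add(request);
    // SAML 2 request
    request = new RequestSecurityTokenType();
    JAXBElement<String> tokenType2 = new JAXBElement<String>(QNameConstants.TOKEN_TYPE, String.class, WSS4JConstants.WSS_SAML2_TOKEN_TYPE);
    request.getAny().add(tokenType2);
    request.getAny().add(createAppliesToElement("http://dummy-service.com/dummy"));
    requestCollection.getRequestSecurityToken().add(request);
    // Mock up message context with "alice" as the authenticated principal
    MessageImpl msg = new MessageImpl();
    WrappedMessageContext msgCtx = new WrappedMessageContext(msg);
    Principal principal = new CustomTokenPrincipal("alice");
    msgCtx.put(SecurityContext.class.getName(), createSecurityContext(principal));
    // Issue a token
    RequestSecurityTokenResponseCollectionType response = issueOperation.issue(requestCollection, principal, msgCtx);
    List<RequestSecurityTokenResponseType> securityTokenResponse = response.getRequestSecurityTokenResponse();
    // JUnit's assertEquals takes (expected, actual).
    assertEquals(2, securityTokenResponse.size());
    // Test the generated tokens. Each response gets its own variable: the original
    // reused one variable without resetting it, so the second assertNotNull could
    // never fail and the follow-up checks could run against the first token.
    Element saml1Assertion = null;
    for (Object tokenObject : securityTokenResponse.get(0).getAny()) {
        if (tokenObject instanceof JAXBElement<?> && REQUESTED_SECURITY_TOKEN.equals(((JAXBElement<?>) tokenObject).getName())) {
            RequestedSecurityTokenType rstType = (RequestedSecurityTokenType) ((JAXBElement<?>) tokenObject).getValue();
            saml1Assertion = (Element) rstType.getAny();
            break;
        }
    }
    assertNotNull(saml1Assertion);
    String tokenString = DOM2Writer.nodeToString(saml1Assertion);
    assertTrue(tokenString.contains("AttributeStatement"));
    // The issued assertion must name the requesting principal.
    assertTrue(tokenString.contains("alice"));
    assertTrue(tokenString.contains(SAML1Constants.CONF_BEARER));
    Element saml2Assertion = null;
    for (Object tokenObject : securityTokenResponse.get(1).getAny()) {
        if (tokenObject instanceof JAXBElement<?> && REQUESTED_SECURITY_TOKEN.equals(((JAXBElement<?>) tokenObject).getName())) {
            RequestedSecurityTokenType rstType = (RequestedSecurityTokenType) ((JAXBElement<?>) tokenObject).getValue();
            saml2Assertion = (Element) rstType.getAny();
            break;
        }
    }
    assertNotNull(saml2Assertion);
    tokenString = DOM2Writer.nodeToString(saml2Assertion);
    assertTrue(tokenString.contains("AttributeStatement"));
    assertTrue(tokenString.contains("alice"));
    assertTrue(tokenString.contains(SAML2Constants.CONF_BEARER));
}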
Also used : ServiceMBean(org.apache.cxf.sts.service.ServiceMBean) RequestSecurityTokenType(org.apache.cxf.ws.security.sts.provider.model.RequestSecurityTokenType) JAXBElement(javax.xml.bind.JAXBElement) Element(org.w3c.dom.Element) ArrayList(java.util.ArrayList) RequestSecurityTokenResponseType(org.apache.cxf.ws.security.sts.provider.model.RequestSecurityTokenResponseType) StaticSTSProperties(org.apache.cxf.sts.StaticSTSProperties) RequestedSecurityTokenType(org.apache.cxf.ws.security.sts.provider.model.RequestedSecurityTokenType) StaticService(org.apache.cxf.sts.service.StaticService) RequestSecurityTokenResponseCollectionType(org.apache.cxf.ws.security.sts.provider.model.RequestSecurityTokenResponseCollectionType) CustomTokenPrincipal(org.apache.wss4j.common.principal.CustomTokenPrincipal) TokenProvider(org.apache.cxf.sts.token.provider.TokenProvider) SAMLTokenProvider(org.apache.cxf.sts.token.provider.SAMLTokenProvider) PasswordCallbackHandler(org.apache.cxf.sts.common.PasswordCallbackHandler) RequestSecurityTokenCollectionType(org.apache.cxf.ws.security.sts.provider.model.RequestSecurityTokenCollectionType) JAXBElement(javax.xml.bind.JAXBElement) Crypto(org.apache.wss4j.common.crypto.Crypto) SAMLTokenProvider(org.apache.cxf.sts.token.provider.SAMLTokenProvider) STSPropertiesMBean(org.apache.cxf.sts.STSPropertiesMBean) WrappedMessageContext(org.apache.cxf.jaxws.context.WrappedMessageContext) SecurityContext(org.apache.cxf.security.SecurityContext) MessageImpl(org.apache.cxf.message.MessageImpl) CustomTokenPrincipal(org.apache.wss4j.common.principal.CustomTokenPrincipal) Principal(java.security.Principal)

Example 3 with RequestSecurityTokenCollectionType

use of org.apache.cxf.ws.security.sts.provider.model.RequestSecurityTokenCollectionType in project cxf by apache.

the class IssueUnitTest method testIssueMultipleTokens.

/**
 * Test to successfully issue multiple (dummy) tokens.
 */
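@org.junit.Test
public void testIssueMultipleTokens() throws Exception {
    TokenIssueOperation issueOperation = new TokenIssueOperation();
    // Add Token Provider
    List<TokenProvider> providerList = new ArrayList<>();
    providerList.add(new DummyTokenProvider());
    issueOperation.setTokenProviders(providerList);
    // Add Service
    ServiceMBean service = new StaticService();
    service.setEndpoints(Collections.singletonList("http://dummy-service.com/dummy"));
    issueOperation.setServices(Collections.singletonList(service));
    // Add STSProperties object
    STSPropertiesMBean stsProperties = new StaticSTSProperties();
    issueOperation.setStsProperties(stsProperties);
    // Mock up a request collection with two requests for the dummy token type,
    // both addressed to the endpoint registered on the service above.
    RequestSecurityTokenCollectionType requestCollection = new RequestSecurityTokenCollectionType();
    RequestSecurityTokenType request = new RequestSecurityTokenType();
    JAXBElement<String> tokenType = new JAXBElement<String>(QNameConstants.TOKEN_TYPE, String.class, DummyTokenProvider.TOKEN_TYPE);
    request.getAny().add(tokenType);
    request.getAny().add(createAppliesToElement("http://dummy-service.com/dummy"));
    requestCollection.getRequestSecurityToken().add(request);
    // The second request reuses the same TokenType element instance.
    request = new RequestSecurityTokenType();
    request.getAny().add(tokenType);
    request.getAny().add(createAppliesToElement("http://dummy-service.com/dummy"));
    requestCollection.getRequestSecurityToken().add(request);
    // Mock up message context
    MessageImpl msg = new MessageImpl();
    WrappedMessageContext msgCtx = new WrappedMessageContext(msg);
    // Issue both tokens in one call; no principal is supplied.
    RequestSecurityTokenResponseCollectionType response = issueOperation.issue(requestCollection, null, msgCtx);
    List<RequestSecurityTokenResponseType> securityTokenResponse = response.getRequestSecurityTokenResponse();
    // JUnit's assertEquals takes (expected, actual); the original order produced a
    // misleading failure message.
    assertEquals(2, securityTokenResponse.size());
}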
Also used : ServiceMBean(org.apache.cxf.sts.service.ServiceMBean) RequestSecurityTokenType(org.apache.cxf.ws.security.sts.provider.model.RequestSecurityTokenType) ArrayList(java.util.ArrayList) RequestSecurityTokenResponseType(org.apache.cxf.ws.security.sts.provider.model.RequestSecurityTokenResponseType) StaticSTSProperties(org.apache.cxf.sts.StaticSTSProperties) RequestSecurityTokenCollectionType(org.apache.cxf.ws.security.sts.provider.model.RequestSecurityTokenCollectionType) JAXBElement(javax.xml.bind.JAXBElement) StaticService(org.apache.cxf.sts.service.StaticService) RequestSecurityTokenResponseCollectionType(org.apache.cxf.ws.security.sts.provider.model.RequestSecurityTokenResponseCollectionType) TokenProvider(org.apache.cxf.sts.token.provider.TokenProvider) STSPropertiesMBean(org.apache.cxf.sts.STSPropertiesMBean) WrappedMessageContext(org.apache.cxf.jaxws.context.WrappedMessageContext) MessageImpl(org.apache.cxf.message.MessageImpl)

Example 4 with RequestSecurityTokenCollectionType

use of org.apache.cxf.ws.security.sts.provider.model.RequestSecurityTokenCollectionType in project cxf by apache.

the class SecurityTokenServiceProvider method invoke.

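/**
 * Dispatches an incoming request to the operation implementation registered for it and
 * returns the marshalled response.
 *
 * <p>A {@code RequestSecurityTokenCollectionType} payload is routed to the request-collection
 * operation. Any other payload is cast to {@code RequestSecurityTokenType}, and the value of
 * its RequestType element selects the operation. That value comes from the request and is used
 * only as a lookup key into {@code operationMap} and {@code OPERATION_METHODS}; a value without
 * an entry in both maps is rejected with a fault.
 *
 * <p>The principal passed to the operation is read from {@code context}, not from the request
 * payload.
 *
 * <p>Every failure, including an exception thrown by the invoked operation, is rethrown as the
 * fault built by {@code createSOAPFault}.
 *
 * @param request the request payload
 * @return the response payload; never {@code null}
 */
public Source invoke(Source request) {
    Source response = null;
    try {
        Object obj = convertToJAXBObject(request);
        Object operationImpl = null;
        Method method = null;
        if (obj instanceof RequestSecurityTokenCollectionType) {
            operationImpl = operationMap.get(WSTRUST_REQUESTTYPE_REQUESTCOLLECTION);
            method = OPERATION_METHODS.get(WSTRUST_REQUESTTYPE_REQUESTCOLLECTION);
        } else {
            RequestSecurityTokenType rst = (RequestSecurityTokenType) obj;
            // Built once instead of once per element of the request.
            QName requestTypeName = new QName(WSTRUST_13_NAMESPACE, WSTRUST_REQUESTTYPE_ELEMENTNAME);
            for (Object o : rst.getAny()) {
                if (!(o instanceof JAXBElement)) {
                    continue;
                }
                JAXBElement<?> element = (JAXBElement<?>) o;
                if (requestTypeName.equals(element.getName())) {
                    // An empty RequestType element is handled like an unknown one: no
                    // operation is selected and the "not found" fault below is raised,
                    // instead of a NullPointerException from toString().
                    Object value = element.getValue();
                    if (value != null) {
                        String val = value.toString();
                        operationImpl = operationMap.get(val);
                        method = OPERATION_METHODS.get(val);
                    }
                    break;
                }
            }
        }
        // Only operations present in both maps can be invoked.
        if (operationImpl == null || method == null) {
            throw new Exception("Implementation for this operation not found.");
        }
        obj = method.invoke(operationImpl, obj, context.getUserPrincipal(), context.getMessageContext());
        if (obj == null) {
            throw new Exception("Error in implementation class.");
        }
        if (obj instanceof RequestSecurityTokenResponseCollectionType) {
            RequestSecurityTokenResponseCollectionType tokenResponse = (RequestSecurityTokenResponseCollectionType) obj;
            response = new JAXBSource(jaxbContext, new ObjectFactory().createRequestSecurityTokenResponseCollection(tokenResponse));
        } else {
            RequestSecurityTokenResponseType tokenResponse = (RequestSecurityTokenResponseType) obj;
            response = new JAXBSource(jaxbContext, new ObjectFactory().createRequestSecurityTokenResponse(tokenResponse));
        }
    } catch (InvocationTargetException ex) {
        // Report the operation's own exception rather than the reflection wrapper; fall
        // back to the wrapper if it carries no cause.
        Throwable cause = ex.getCause();
        throw createSOAPFault(cause != null ? cause : ex);
    } catch (Exception ex) {
        throw createSOAPFault(ex);
    }
    return response;
}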
Also used : QName(javax.xml.namespace.QName) RequestSecurityTokenType(org.apache.cxf.ws.security.sts.provider.model.RequestSecurityTokenType) RequestSecurityTokenResponseType(org.apache.cxf.ws.security.sts.provider.model.RequestSecurityTokenResponseType) Method(java.lang.reflect.Method) RequestSecurityTokenCollectionType(org.apache.cxf.ws.security.sts.provider.model.RequestSecurityTokenCollectionType) JAXBElement(javax.xml.bind.JAXBElement) RequestSecurityTokenResponseCollectionType(org.apache.cxf.ws.security.sts.provider.model.RequestSecurityTokenResponseCollectionType) Source(javax.xml.transform.Source) JAXBSource(javax.xml.bind.util.JAXBSource) InvocationTargetException(java.lang.reflect.InvocationTargetException) JAXBSource(javax.xml.bind.util.JAXBSource) InvocationTargetException(java.lang.reflect.InvocationTargetException) ObjectFactory(org.apache.cxf.ws.security.sts.provider.model.ObjectFactory)

Aggregations

JAXBElement (javax.xml.bind.JAXBElement)4 RequestSecurityTokenCollectionType (org.apache.cxf.ws.security.sts.provider.model.RequestSecurityTokenCollectionType)4 RequestSecurityTokenResponseCollectionType (org.apache.cxf.ws.security.sts.provider.model.RequestSecurityTokenResponseCollectionType)4 RequestSecurityTokenResponseType (org.apache.cxf.ws.security.sts.provider.model.RequestSecurityTokenResponseType)4 RequestSecurityTokenType (org.apache.cxf.ws.security.sts.provider.model.RequestSecurityTokenType)4 ArrayList (java.util.ArrayList)3 WrappedMessageContext (org.apache.cxf.jaxws.context.WrappedMessageContext)3 MessageImpl (org.apache.cxf.message.MessageImpl)3 STSPropertiesMBean (org.apache.cxf.sts.STSPropertiesMBean)3 StaticSTSProperties (org.apache.cxf.sts.StaticSTSProperties)3 ServiceMBean (org.apache.cxf.sts.service.ServiceMBean)2 StaticService (org.apache.cxf.sts.service.StaticService)2 TokenProvider (org.apache.cxf.sts.token.provider.TokenProvider)2 InvocationTargetException (java.lang.reflect.InvocationTargetException)1 Method (java.lang.reflect.Method)1 Principal (java.security.Principal)1 JAXBSource (javax.xml.bind.util.JAXBSource)1 QName (javax.xml.namespace.QName)1 Source (javax.xml.transform.Source)1 SecurityContext (org.apache.cxf.security.SecurityContext)1